content.json

{"meta":{"title":"happylzyy's Blog","subtitle":"","description":"","author":"happylzyy","url":"http://happylzyy.github.io","root":"/"},"pages":[{"title":"Repositories","date":"2024-03-07T11:33:39.898Z","updated":"2021-08-05T16:13:35.000Z","comments":false,"path":"repository/index.html","permalink":"http://happylzyy.github.io/repository/index.html","excerpt":"","text":""},{"title":"About","date":"2024-03-07T11:33:39.898Z","updated":"2022-07-03T09:54:45.000Z","comments":false,"path":"about/index.html","permalink":"http://happylzyy.github.io/about/index.html","excerpt":"","text":"学习经历 某年月日 就读于某带专某说唱专业 目前研究僧进行中... 个人简介 喜欢搞事情。 喜欢诚实勇敢的人，讨厌内心险恶的人。 寄语 这世上一定存在着善良，值得我们奋战到底。 —— J. R. R. Tolkien, The Lord of the Ring"},{"title":"Tags","date":"2024-03-07T11:33:39.895Z","updated":"2022-07-03T09:55:16.000Z","comments":false,"path":"tags/index.html","permalink":"http://happylzyy.github.io/tags/index.html","excerpt":"","text":""},{"title":"Categories","date":"2024-03-07T11:33:39.898Z","updated":"2022-07-03T09:55:00.000Z","comments":false,"path":"categories/index.html","permalink":"http://happylzyy.github.io/categories/index.html","excerpt":"","text":""}],"posts":[{"title":"How to enable both secure boot and LUKS with TPM","slug":"enable-secure-boot-and-luks-tpm","date":"2024-08-09T14:16:24.000Z","updated":"2024-08-09T14:23:50.488Z","comments":true,"path":"2024/08/09/enable-secure-boot-and-luks-tpm/","link":"","permalink":"http://happylzyy.github.io/2024/08/09/enable-secure-boot-and-luks-tpm/","excerpt":"","text":"Secure Boot and LUKS TPM Prepare Install all packages we need 1yay -S sbctl tpm2-tss tpm2-tools follow this guideline , generate Machine Own Key and enroll it into the EFI variables. Install bootloader this section changes bootloader from grub to systemd-boot, because grub has not support to LUKSv2. Change esp partition mount point from /boot/efi to /efi permanently. If the esp mount point remains unchanged, grub packages should be removed. 1234umount /boot/efisudo mkdir -p /efisudo sed -i 's/\\/boot\\/efi/\\/efi/g' /etc/fstabmount -a Delete old boot entry and install new bootloader 123OLD_MANJARO="$(efibootmgr | grep "manjaro" | cut -d' ' -f1 | cut -c 5-8)" # Manjaro is old boot entry nameefibootgmr -b "${OLD_MANJARO}" -B # delete old boot entrybootctl install && systemctl enable systemd-boot-update.service # install systemd-boot After installation, it should be a new boot entry \"Linux Boot Manager\" appeared in the UEFI boot menu. Open /boot/efi/loader/loader.conf and add there default @saved. This will make systemd-boot select your previously booted kernel by default. Another useful change is setting timeout to 1 or 2, most likely that’s long enough period to see bootloader’s menu and stop countdown if needed. Configure initramfs mkinitcpio.conf Replace HOOKS array in /etc/mkinitcpio.conf and save old ones commented in the end of the file just in case: 12OLD_HOOKS=$(cat /etc/mkinitcpio.conf | grep "^HOOKS=(")sed -i 's|'"${OLD_HOOKS}"'|HOOKS=(base systemd autodetect modconf kms keyboard sd-vconsole sd-encrypt block filesystems fsck)|' /etc/mkinitcpio.conf && echo '#previous_'$OLD_HOOKS |tee -a /etc/mkinitcpio.conf Also for better (de)compression speed/efficiency ratio consider setting COMPRESSION=\"zstd\" in your /etc/mkinitcpio.conf if not set already. Note though that this works only starting from linux 5.10. crypttab.initramfs Do the following to add entry about LUKS partition to crypttab.initramfs 12UUID=$(sudo blkid -s UUID -o value /dev/nvme0n1p5)sudo echo luks-$UUID UUID=$UUID none tpm2-device=auto > /etc/crypttab.initramfs cmdline Create cmdline with the current boot parameters of the system Optionally, /etc/cmdline.d can be used for more flexible configuration. 1cat /proc/cmdline > /etc/kernel/cmdline linux.preset Open preset file for the current kernel in /etc/mkinitcpio.d, such as linux66.preset. Make changes following line : uncomment default_uki fallback_uki default_options comment default_image fallback_image make sure the appropriate mount point of the esp in the uki path build UKI 1sudo mkinitcpio -P After building, there should be several UKI images in /boot/efi/EFI/Linux. Optionally, we can remove old images unused under /boot. 1sudo rm /boot/initramfs* if warning about consolefont appears during build process, create vconsole.conf and build again. 1echo "KEYMAP=us\\nFONT=tcvn8x16" > /etc/vconsole.conf Secure Boot sbctl is a tool that generates signed and thus trusted images used to boot system. Create a new script sbsign-all. 1vim ./sbsign-all Write following code in this script and save 123456789101112#!/usr/bin/env bashefidir="/boot/efi"# UKI signfor file in ${efidir}/EFI/Linux/*.efi; do /usr/bin/sbctl sign -s $file; done# system-boot sign/usr/bin/sbctl sign -s -o /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed /usr/lib/systemd/boot/efi/systemd-bootx64.efi# kernel signfor file in /boot/vmlinuz*; do /usr/bin/sbctl sign -s $file; done change permission for excutation 1sudo chmod a+x ./sbsign-all then run the script. 1sudo ./sbsign-all Benefit from mkinitcpio hook and pacman hook, the sign process will run automatically when system upgrade or modified. After all steps above, reboot and enter UEFI setup menu, set Secure Boot ON, exit saving setting, check if the system can boot normally. Unlock LUKS via TPM The manjaro installation use LUKSv1 for the default crypt solution, but our plan only support LUKSv2. So we need convert LUKS before configuring TPM. Insert the manjaro installation U-disk into the computer, enter live CD environment. if it is prohibited by secure policy, disable secure boot mode temporarily. Open a terminal, run following command. 1sudo cryptsetup convert --type luks2 /dev/nvme0n1p5 reboot and enable secure boot mode again. Before sealing LUKS key into TPM, check command bootctl, following condition should be satisfied: system booted by systemd-boot bootloader system booted in secure boot mode If the conditions are satisfied, check the cryptsetup status: 1sudo cryptsetup luksDump /dev/nvme0n1p5 Normally it should have 1 or 2 keyslots already occupied, the first one is passphrase we set, the other is probably /crypto_keyfile.bin, and no tokens in place (yet). we suggest remove slot 1 if it’s occupied by crypto_keyfile at the moment (since it’s not safe to use crypto_keyfile in configuration we’re building). 12sudo cryptsetup luksKillSlot /dev/nvme0n1p5 1sudo rm /crypto_keyfile.bin Then seal the LUKS key into TPM with PCR 7 1sudo systemd-cryptenroll /dev/nvme0n1p5 --tpm2-device=auto --tpm2-pcrs=7 References https://forum.manjaro.org/t/howto-using-secure-boot-and-tpm2-to-unlock-luks-partition-on-boot/101626 https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot# https://wiki.archlinux.org/title/Unified_kernel_image https://wiki.archlinux.org/title/Trusted_Platform_Module https://wiki.archlinux.org/title/Systemd-cryptenroll#Trusted_Platform_Module https://wiki.archlinux.org/title/Dm-crypt/System_configuration#Using_systemd-cryptsetup-generator https://wiki.archlinux.org/title/Dm-crypt/System_configuration#Examples https://wiki.archlinux.org/title/Dm-crypt/System_configuration#Trusted_Platform_Module_and_FIDO2_keys","categories":[],"tags":[{"name":"manjaro","slug":"manjaro","permalink":"http://happylzyy.github.io/tags/manjaro/"},{"name":"linux","slug":"linux","permalink":"http://happylzyy.github.io/tags/linux/"},{"name":"secureboot","slug":"secureboot","permalink":"http://happylzyy.github.io/tags/secureboot/"},{"name":"luks","slug":"luks","permalink":"http://happylzyy.github.io/tags/luks/"},{"name":"tpm","slug":"tpm","permalink":"http://happylzyy.github.io/tags/tpm/"}]},{"title":"Manjaro Linux Reinstall Record","slug":"manjaro-linux-install-record","date":"2024-03-07T13:37:48.000Z","updated":"2024-08-09T14:23:02.944Z","comments":true,"path":"2024/03/07/manjaro-linux-install-record/","link":"","permalink":"http://happylzyy.github.io/2024/03/07/manjaro-linux-install-record/","excerpt":"","text":"Manjaro Linux Setup Install partition 1234567NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTSnvme0n1 259:0 0 931.5G 0 disk├─nvme0n1p1 259:1 0 400M 0 part /boot/efi...├─nvme0n1p5 259:5 0 258G 0 part│ └─luks-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 254:0 0 258G 0 crypt /... esp partition nvme0n1p1 mount on \\boot\\efi, while the root system installed on crypted partition nvme0n1p5 with LUKSv1. Replace block names according to actual situation of your computer. System modification Before start, make an upgrade for the whole system. 1sudo pacman -Syu Repository Change server location: China Add archlinuxcn Repository at the end of file. 1234sudo echo >> /etc/pacman.conf "[archlinuxcn]Server = https://mirrors.ustc.edu.cn/archlinuxcn/$arch" Enable flatpak and AUR in \"Add / Remove Software\" setting. Install yay tool for more comfortable package management experience. 1sudo pacman -S yay Shell Install oh-my-zsh-git from archlinuxcn repository with the latest code. 1yay -S archlinuxcn/oh-my-zsh-git After installing the package, copy .zshrc from system to home directory. 1cp /usr/share/oh-my-zsh/zshrc ~/.zshrc Add the following code to the end of .zshrc for original manjaro shell experience. 12345678910# Use powerlineUSE_POWERLINE="true"# Source manjaro-zsh-configurationif [[ -e /usr/share/zsh/manjaro-zsh-config ]]; thensource /usr/share/zsh/manjaro-zsh-configfi# Use manjaro zsh promptif [[ -e /usr/share/zsh/manjaro-zsh-prompt ]]; thensource /usr/share/zsh/manjaro-zsh-promptfi At last, make some small modification, install autojump plugin. 1yay -S autojump modify the .zshrc file. 1plugins=(git autojump) then, change shell to zsh. 1chsh -s /bin/zsh sudo without password add this line at the end of file /etc/sudoers.d/10-installer 1sudo echo %wheel ALL=(ALL:ALL) NOPASSWD: ALL >> /etc/sudoers.d/10-installer GPU Switch Use envycontrol to switch intel, nvidia, and hybrid mode. 1yay -S envycontrol In addition, a kde plasma5 widget can be convenient. 1yay -S plasma5-applets-optimus-gpu-switcher Fonts Install several fonts both in Latin and Chinese. 1yay -S wqy-microhei-lite wqy-bitmapfont wqy-microhei wqy-zenhei ttf-roboto adobe-source-han-sans-cn-fonts adobe-source-han-serif-cn-fonts Install ttf-apple-emoji to replace original noto-fonts-emoji 1yay -S ttf-apple-emoji Make system custom font configuration to enable apple color emoji and change preferred Chinese fonts. 12sudo touch /etc/fonts/local.confsudo vim /etc/fonts/local.conf Paste following code into local.conf. 12345678910111213141516171819202122232425262728293031323334353637<?xml version="1.0"?><!DOCTYPE fontconfig SYSTEM "fonts.dtd"><fontconfig> <alias> <family>sans-serif</family> <prefer> <family>Noto Sans</family> <family>Apple Color Emoji</family> <family>Noto Emoji</family> <family>DejaVu Sans</family> <family>Source Han Sans CN</family> </prefer> </alias> <alias> <family>serif</family> <prefer> <family>Noto Serif</family> <family>Apple Color Emoji</family> <family>Noto Emoji</family> <family>DejaVu Serif</family> <family>Source Han Serif CN</family> </prefer> </alias> <alias> <family>monospace</family> <prefer> <family>Noto Mono</family> <family>Apple Color Emoji</family> <family>Noto Emoji</family> <family>DejaVu Sans Mono</family> <family>WenQuanYi Micro Hei Mono</family> </prefer> </alias></fontconfig> Command Install some very useful and common tools. 1yay -S zip net-tools base-devel nmap vulscan python-pypandoc 1yay -S cowsay xcowsay sl asciiquarium fortune-mod cmatrix oneko toilet lolcat Appearance Install latte dock 1yay -S latte-dock Change the desktop layout: move panel from bottom to top; add widgets into panel: Application Launcher, Global menu, Panel Spacer, Network speed, CatWalk, System tray, Pager, Digital clock, Peek at Desktop. add latte dock at bottom of desktop with widgets: Application Dashboard, Latte Tasks, Trashcan, Analog clock. add a weather widget right side the desktop. For widgets configuration, CatWalk idle threshold is 30%, weather location is Tianjin, China. For latte dock, Items absolute size is 56px., zoom on hover is 10%, background size is 14%, and Opacity is 52%. swapfile The system has no swap partition after default installation process, for the full suspend and hibernation function experience, we setup swap manually. Create a swap file matched the physical memory and set proper permissions. 12sudo fallocate -l 8G /.swapfile # create a hide swapfile on root /sudo chmod 600 /.swapfile Enable and open swap 12sudo mkswap /.swapfilesudo swapon /.swapfile Insert swap info into fstab 1sudo echo "/.swapfile none swap defaults 0 0" >> /etc/fstab Reboot and check if the swap on 123swaponNAME TYPE SIZE USED PRIO/.swapfile file 8G 0B -2 Samba In Dolphin, the property share tab is unavailable because of samba service broken. Now we fix it. 123456789101112131415161718yay -S sambasudo touch /etc/samba/smb.confsudo mkdir -p /var/lib/samba/usersharessudo groupadd sambashares -U [username]sudo chown [username]:sambashares /var/lib/samba/usersharessudo chmod 1770 /var/lib/samba/usersharessudo systemctl enable smb.service# Optionally, for accessible via NetBIOS host namesudo systemctl enable nmb.service# Optionally, for discoverable by most non-Windows file managerssudo systemctl enable avahi-daemon.service# Optionally, for discoverable by Windows, wsdd service required yay -S wsddsudo systemctl enable wsdd.service Add following text into smb.conf (in order to prevent bugs, add a blank line at the end of file.) 1234567[global] usershare path = /var/lib/samba/usershares usershare max shares = 100 usershare allow guests = yes usershare owner only = yes then reboot. Attention: it seems like there are many bugs in property share tab. Firewall A Firewall and Firewall GUI manager is optional for network using. 123yay -S firewalldsudo systemctl enable firewalld.servicesudo systemctl start firewalld.service SSD trim Trim is referred to discard unused blocks on the SSD. Trim on encrypted device has specific security risks, but for most users, the benefit of TRIM outweigh those security concerns. 12sudo cryptsetup --allow-discards --persistent refresh luks-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxsudo fstrim -a -v Java environment In order to run jar application such as minecraft, Java environment is required. we can install OpenJDK environment with JavaFX support. 1yay -S aur/java-openjfx # jre and jdk will be installed as dependencies automatically Install and config application git add lfs support 1yay -S git-lfs config username and e-mail. 12git config --global user.name "My Name"git config --global user.email "myemail@example.com" Internet Technology there are many useful packages in repository. 1yay -S archlinuxcn/*****-verge-rev-bin watt-toolkit-bin fcitx5 and rime Install fcitx5 bundle including 4 packages: fcitx5 2) fcitx5-configtool 3) fcitx5-gtk 4) fcitx5-qt and other extra packages 1yay -S fcitx5-im fcitx5-lua kcm-fcitx5 fcitx5-rime fcitx5-chinese-addons libime manjaro-asian-input-support-fcitx5 rime-symbols then reboot to apply modify. clone clover_flypinyin to local 1git clone https://github.com/happylzyy/rime-cloverpinyin.git follow the README.md to build the package. extract package to /usr/share/rime-data and replace exsiting file. create a config file in ~/.local/share/fcitx5/rime 1touch default.custom.yaml and write 12345patch: "menu/page_size": 5 schema_list: - schema: clover_flypy - schema: clover restart the rime engine. apparmor install apparmor utils and enable the service. 12yay -S apparmorsystemctl enable apparmor.service Add kernel cmdline as follows. This section is not suitable for grub but for UKI. 12mkdir /etc/cmdline.dtouch /etc/cmdline.d/security.conf 12# enable apparmorlsm=landlock,lockdown,yama,integrity,apparmor,bpf audit=1 audit_backlog_limit=256 vim install gvim via yay tool. 1yay -S gvim clone the vim config to .vim folder. 123mkdir -p ~/.vim && cd ~/.vimgit clone https://github.com/happylzyy/vim-init.gitcd vim-init && git checkout linux create a new file .vimrc' in home directory and add following code 1echo source ~/.vim/vim-init/init.vim > .vimrc open vim, type:PluginInstall` to fix missing plugins via internet. typora the last free version of typora is 0.11.18(beta), we can build it by using AUR PKGBUILD. 1yay -S aur/typora-free albert 1yay -S archlinuxcn/albert Open System Setting -> Startup and Shutdown->Autostart, add albert in autorun list. Attention: albert has no wayland support yet. WPS Install wps and all dependencies including chinese language support, font packages, and several fix patch, etc. 1yay -S wps-office wps-office-all-dicts-win-languages wps-office-mui-zh-cn wps-office-mime-cn wps-office-fonts wps-office-bwrap freetype2-wps ttf-wps-fonts ttf-ms-fonts install bug fix libtiff5 1yay -S libtiff5 GIMP 1yay -S gimp Make GIMP Look Like Photoshop, follow the PhotoGIMP project. Node.js 1yay -S nodejs npm configure local repository 1npm config set registry https://registry.npmmirror.com/ OneDrive As some files synced on onedrive, we install onedriver and create some links 123456yay -S onedrive-abraunegg onedrivegui# Seting onedrive at ~/OneDrive in the onedrivegui appln -s ~/OneDrive/Sync/Minecraft/server ./serverln -s ~/OneDrive/Sync/Calibre ./Calibreln -s ~/OneDrive/Sync/Zotero/storage ./Zotero/storage Other app without configuration 1yay -S steam stellarium visual-studio-code-bin zenmap wechat-beta-bwrap lx-music-desktop-bin calibre zotero kleopatra","categories":[],"tags":[{"name":"manjaro","slug":"manjaro","permalink":"http://happylzyy.github.io/tags/manjaro/"},{"name":"linux","slug":"linux","permalink":"http://happylzyy.github.io/tags/linux/"}]},{"title":"在Manjaro Linux上启用SecureBoot","slug":"how-to-enable-secureboot-on-manjaro","date":"2023-10-01T14:59:25.000Z","updated":"2024-04-06T14:24:02.008Z","comments":true,"path":"2023/10/01/how-to-enable-secureboot-on-manjaro/","link":"","permalink":"http://happylzyy.github.io/2023/10/01/how-to-enable-secureboot-on-manjaro/","excerpt":"","text":"什么是安全引导（SecureBoot）？ Secure Boot 是一项用于提高计算机启动安全性的技术。它的主要作用是在计算机启动过程中验证引导加载程序和操作系统内核的安全性和完整性。 Secure Boot 的工作原理是: 在 UEFI 固件中内置一个可信的公钥，用于验证引导加载程序和操作系统内核的数字签名。这些组件在发布前都要使用该公钥对应的私钥进行签名。 当计算机启动时，固件会检查引导加载程序的签名。如果签名有效，则加载引导加载程序并执行。如果签名无效，则停止启动过程。 引导加载程序再检查操作系统内核的签名。如果签名有效，则加载内核并启动操作系统。 整个启动过程中，任何一个组件的签名验证失败，都会停止启动，从而防止潜在的恶意软件入侵。 启用 Secure Boot 可以防止 rootkit 和 bootkit 等病毒的感染。它是 UEFI 固件的一个重要安全功能，现代个人计算机和服务器广泛采用。但也存在可能限制操作系统选择、增加软件兼容性问题等缺点。 启用SecureBoot过程 Manjaro Linux 系统启用 Secure Boot 的过程包括： 系统引导程序需要获得 Microsoft 的签名密钥才能让操作系统内核通过 Secure Boot 验证,但这是不可能的，因为微软不会这么做。因此替代方案是自行生成MOK密钥（Machine Owner Key）并替换 UEFI 固件的默认密钥； 按照GRUB的官方文档重新生成并安装GRUB，这一步坑比较多； 使用MOK密钥对引导程序进行签名。 MOK密钥生成和导入 在开始之前，先重启系统进入BIOS设置界面，设置SecureBoot进入Setup Mode（不同的机器可能操作不一样）。 设置完成后重启进入系统，安装以下软件： sbctl：Secure Boot key manager，这个工具使得密钥的生成和写入变得非常简单，它还拥有引导程序签名、pacman hook等功能。 1yay -S sbctl 查看SecureBoot状态： 1sudo sbctl status 应该看到 sbctl 工具未安装并且SecureBoot已禁用。 生成MOK密钥： 1sudo sbctl create-keys 这将在默认位置生成MOK密钥。 将MOK密钥连带Microsoft密钥一起导入UEFI固件中： 1sudo sbctl enroll-keys -m 注意：如果不附带“-m”选项，将会导致Mincrosoft密钥丢失，使Windows无法启动，而且某些固件会使用 Microsoft 密钥进行签名和验证，不验证设备可能会使它们变砖。 再次检查SecureBoot状态，此时sbctl会显示已安装。 1sudo sbctl status 重新构建GRUB 要使GRUB能在SecureBoot模式下启动，GRUB必须集成运行过程中所需的所有模块，可以参考ubuntu的grub生成脚本来选择所需要的模块。然后，将这些模块记录成环境变量使用。 新建\\etc\\grub_modules文件： 1sudo touch /etc/grub_modules 打开文件，加入以下内容： 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394CD_MODULES=" all_video boot btrfs cat chain configfile echo efifwsetup efinet ext2 fat font gettext gfxmenu gfxterm gfxterm_background gzio halt help hfsplus iso9660 jpeg keystatus loadenv loopback linux ls lsefi lsefimmap lsefisystab lssal memdisk minicmd normal ntfs part_apple part_msdos part_gpt password_pbkdf2 png probe reboot regexp search search_fs_uuid search_fs_file search_label sleep smbios squash4 test true video xfs zfs zfscrypt zfsinfo cpuid play tpm "GRUB_MODULES="$CD_MODULES cryptodisk gcry_arcfour gcry_blowfish gcry_camellia gcry_cast5 gcry_crc gcry_des gcry_dsa gcry_idea gcry_md4 gcry_md5 gcry_rfc2268 gcry_rijndael gcry_rmd160 gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_tiger gcry_twofish gcry_whirlpool luks lvm mdraid09 mdraid1x raid5rec raid6rec " 或者，通过已有的grub.cfg文件寻找所需的模块： 1sudo cat /boot/grub/grub.cfg | awk '/insmod/ { print $2 }' | sort | uniq 保存文件并source： 1source /etc/grub_modules 重新构建安装GRUB到ESP分区： 1sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --modules="${GRUB_MODULES}" --sbat /usr/share/grub/sbat.csv --disable-shim-lock target选项指明系统架构，efi-directory指明ESP分区挂载的位置，sbat是SecureBoot过程中GRUB需要的小节，disable-shim-lock选项解决了shim_lock protocol not found错误。 重新生成grub.cfg: 1sudo grub-mkconfig -o /boot/grub/grub.cfg 对引导程序进行签名 1sudo sbctl sign -s /boot/efi/EFI/Manjaro/grubx64.efi 重新检查efi文件签名情况： 1sudo sbctl verify 除windows相关的引导文件外，其他efi都应该进行签名，例如黑苹果引导OpenCore文件的签名： 12345678sudo -isbctl sign -s /boot/efi/EFI/OC/OpenCore.efi #假设esp挂载点为/boot/efi/for file in /boot/efi/EFI/OC/Drivers/*; dosbctl sign -s $file;donefor file in /boot/efi/EFI/OC/Tools/*; dosbctl sign -s $file;done 测试 签名完成后，进入BIOS将SecureBoot设为启用状态。 重启进入系统，检查SecureBoot状态： 1sudo sbctl status 正常应该如下所示： 12345Installed: ✓ sbctl is installedOwner GUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxSetup Mode: ✓ DisabledSecure Boot: ✓ EnabledVendor Keys: microsoft 然后，测试其他系统是否能够启动成功。 至此，SecureBoot启用完成。","categories":[],"tags":[{"name":"manjaro","slug":"manjaro","permalink":"http://happylzyy.github.io/tags/manjaro/"},{"name":"secureboot","slug":"secureboot","permalink":"http://happylzyy.github.io/tags/secureboot/"},{"name":"bios","slug":"bios","permalink":"http://happylzyy.github.io/tags/bios/"}]},{"title":"给hexo网站增加一些有趣的特效","slug":"add-something-interesting","date":"2022-07-28T15:36:46.000Z","updated":"2022-07-28T16:03:58.000Z","comments":true,"path":"2022/07/28/add-something-interesting/","link":"","permalink":"http://happylzyy.github.io/2022/07/28/add-something-interesting/","excerpt":"","text":"给hexo网页添加一些有趣的js来增加乐趣。目前已经添加了两个：鼠标动态线条吸引跟随特效、鼠标文字弹出特效。 鼠标动态线条吸引跟随 虽然没什么用甚至有些遮挡文字阅读，但是特效好看炫酷就完事了。 打开pure主题文件themes/pure/layout/layout.ejs，在</body>标签前加一行 1<script src="https://cdn.bootcdn.net/ajax/libs/canvas-nest.js/2.0.4/canvas-nest.js"></script> 保存修改，重新生成blog查看效果。 鼠标文字弹出特效 作为一名有理想有志向的爱国青年，社会主义核心价值观要牢记心中。 目前没有发现该特效js的托管CDN，只能全代码添加了。同样是pure主题文件themes/pure/layout/layout.ejs，在</body>标签前加入以下代码： 1234567891011121314151617181920212223242526272829<script type="text/javascript">var a_idx = 0;jQuery(document).ready(function($) { $("body").click(function(e) { var a = new Array("富强", "民主", "文明", "和谐", "自由", "平等", "公正" ,"法治", "爱国", "敬业", "诚信", "友善"); var $i = $("<span/>").text(a[a_idx]); a_idx = (a_idx + 1) % a.length; var x = e.pageX, y = e.pageY; $i.css({ "z-index": 999999999999999999999999999999999999999999999999999999999999999999999, "top": y - 20, "left": x, "position": "absolute", "font-weight": "bold", "color": "#ff6651" }); $("body").append($i); $i.animate({ "top": y - 180, "opacity": 0 }, 1500, function() { $i.remove(); }); });});</script> 特别地是，代码已经展示了如何自定义，有需要可以自己定制弹出文字。 保存文件，重新生成网页查看效果。 网页宠物 TODO 未完待续......","categories":[],"tags":[{"name":"javascript","slug":"javascript","permalink":"http://happylzyy.github.io/tags/javascript/"},{"name":"hexo","slug":"hexo","permalink":"http://happylzyy.github.io/tags/hexo/"}]},{"title":"ArchLinux中HMCL启动器提示缺少JavaFX的解决方法","slug":"HMCL-missing-openjfx","date":"2022-07-12T06:36:18.000Z","updated":"2023-09-17T11:52:24.000Z","comments":true,"path":"2022/07/12/HMCL-missing-openjfx/","link":"","permalink":"http://happylzyy.github.io/2022/07/12/HMCL-missing-openjfx/","excerpt":"","text":"问题描述 在Arch Linux系统中已经安装了以下默认版本的软件包： java-openjfx jdk-openjdk jre-openjdk jre-openjdk-headless 运行HMCL的时候会提示找不到JavaFX： 1234[org.jackhuang.hmcl.util.SelfDependencyPatcher.patch/INFO] Missing JavaFX dependencies, attempting to patch in missing classes[org.jackhuang.hmcl.util.SelfDependencyPatcher.loadFromCache/INFO] - Loading dependencies...[org.jackhuang.hmcl.util.SelfDependencyPatcher.patch/INFO] - Done! HMCL是一个很好用的minecraft启动器，它能够自动到网络上下载所需的依赖，但是系统本身已经安装了所需依赖，为什么不用呢？ 据了解，JavaFX不再是OpenJDK的一部分了，因此用默认的OpenJDK运行jar会出现找不到JavaFX模块的问题。 解决的方法是手动添加JavaFX模块。由于某种未知的原因，Arch Linux中，java-openjfx包会将JavaFX库安装到OpenJDK的lib目录中，导致以下添加方式出现错误 123$ java --module-path /usr/lib/jvm/java-20-openjdk/lib --add-modules javafx.base,javafx.controls,javafx.fxml,javafx.graphics,javafx.media,javafx.swing,javafx.web -jar HMCL-3.5.5.jarError occurred during initialization of boot layerjava.lang.LayerInstantiationException: Package jdk.internal.jrtfs in both module java.base and module jrt.fs 这是因为，在顶级目录中不包含module-info.class的jar文件被视为自动模块自动加载，jrt.fs包含编译为JDK 8的“jrt”文件系统提供程序的副本，最终结果是出现两个包含jdk.internal.jrtfs包（以及许多其他包）的冲突模块。解决冲突的方法是更加详细地描述添加模块的路径信息。 解决方法 1234#!/usr/bin/shexport PATH_TO_FX=/usr/lib/jvm/java-20-openjdk/libjava --module-path $PATH_TO_FX/javafx.base.jar:$PATH_TO_FX/javafx.controls.jar:$PATH_TO_FX/javafx.fxml.jar:$PATH_TO_FX/javafx.graphics.jar:$PATH_TO_FX/javafx.media.jar:$PATH_TO_FX/javafx.swing.jar:$PATH_TO_FX/javafx.web.jar:$PATH_TO_FX/javafx-swt.jar --add-modules ALL-MODULE-PATH -jar HMCL-3.5.5.jar","categories":[],"tags":[{"name":"hmcl","slug":"hmcl","permalink":"http://happylzyy.github.io/tags/hmcl/"},{"name":"javafx","slug":"javafx","permalink":"http://happylzyy.github.io/tags/javafx/"},{"name":"archlinux","slug":"archlinux","permalink":"http://happylzyy.github.io/tags/archlinux/"}]},{"title":"heroku反向代理gitalk解决403问题","slug":"use-herokuapp-proxy-gitalk","date":"2022-07-03T13:01:09.000Z","updated":"2022-07-03T14:26:19.000Z","comments":true,"path":"2022/07/03/use-herokuapp-proxy-gitalk/","link":"","permalink":"http://happylzyy.github.io/2022/07/03/use-herokuapp-proxy-gitalk/","excerpt":"","text":"Gitalk 403 问题 Gitalk评论系统在登录github时显示error: request failed with status code 403。这是因为 gitalk 在访问 github 时为了解决跨域问题而使用了一个反向代理，这个默认的反向代理近期限制了访问，所以无法使用了。 在网上找了好几个反向代理地址，但是都不好用，因此决定自己建一个反向代理服务器。教程分为两个部分，第一部分是服务器端的配置，第二部分是hexo网站的配置。 服务器端 这里用到了开源项目CORS Anywhere，这个项目可以直接在heroku上运行。 注册heroku帐号 首先需要到heroku官网注册帐号，注册和验证的过程可能需要用到不可描述的工具。 下载安装Hero CLI Hero CLI需要用到git，如果没有装git，请看这里 Git installation First-time Git setup 在Linux上安装heroku-cli比较简单，只需要运行 1curl https://cli-assets.heroku.com/install.sh | sh 对于arch系Linux，还可以用AUR安装 1yay -S hero-cli 下载安装CORS Anywhere 运行git clone 1git clone https://github.com/Rob--W/cors-anywhere.git 进入cors-anywhere目录，安装依赖包 12cd cors-anywherenpm i 部署CORS Anywhere 登录heroku-cli 1heroku login -i 在CORS Anywhere目录下创建新的app 1hero create [app名称] #app名称留空会使用随机名称 将CORS Anywhere推送到heroku上 1git push heroku master 这时候安装部署完成，可以看到部署完成后的heroku app地址，复制下来一会儿要用到。 Hexo配置 主题文件修改 不同的主题可能有不同的修改方式，这里修改的是pure主题。主要做了以下更改： 将gitalk修改为最新版本 修改var gitalk增加proxy值 打开/layout/_common/head.ejs文件，找到 1<link rel="stylesheet" href="//cdn.jsdelivr.net/npm/gitalk@1.4.0/dist/gitalk.min.css"> 修改为 1<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/gitalk@1.7.2/dist/gitalk.css"> 这样Pure主题可以用到最新的gitalk版本。 打开/layout/_script/_comment/gitalk.ejs，修改两处 123456789101112131415161718@@ -1,6 +1,6 @@ <% if (typeof(script) !== 'undefined' && script) { %> <!-- <link rel="stylesheet" href="https://unpkg.com/gitalk/dist/gitalk.css"> -->- <script src="//cdn.jsdelivr.net/npm/gitalk@1.6.2/dist/gitalk.min.js"></script>+ <script src="//cdn.jsdelivr.net/npm/gitalk@1.7.2/dist/gitalk.min.js"></script> <script src="//cdn.jsdelivr.net/npm/blueimp-md5@2.10.0/js/md5.min.js"></script> <script type="text/javascript"> var gitalk = new Gitalk({@@ -12,7 +12,8 @@ id: md5(location.pathname), distractionFreeMode: true, language: '<%= theme.comment.gitalk.language %>',- enableHotKey: '<%= theme.comment.gitalk.enableHotKey %>'+ enableHotKey: '<%= theme.comment.gitalk.enableHotKey %>',+ proxy: '<%= theme.comment.gitalk.proxy %>' }) gitalk.render('comments') </script> gitalk@1.6.2改成gitalk@1.7.2以使用最新版本gitalk，var gitalk变量增加一条内容proxy: '<%= theme.comment.gitalk.proxy %>'，注意上一条内容后面加, 修改主题配置 在pure主题配置文件中增加proxy地址，不同的主题gitalk位置可能不同。 打开_config.pure.yaml文件，在gitalk里增加proxy地址 1234567gitalk: # gitalk. https://gitalk.github.io/ owner: #必须. GitHub repository 所有者，可以是个人或者组织。 admin: #必须. GitHub repository 的所有者和合作者 (对这个 repository 有写权限的用户)。 repo: #必须. GitHub repository. ClientID: #必须. GitHub Application Client ID. ClientSecret: #必须. GitHub Application Client Secret. proxy: https://[heroku app 地址]/https://github.com/login/oauth/access_token 这样Hexo就修改完了，重新生成和部署Hexo站点到Github，尝试登录Gitalk。 总结 Gitalk 403 问题是默认的反向代理地址失效造成的，通过使用heroku自建反向代理服务解决Gitalk 403问题。","categories":[],"tags":[{"name":"heroku","slug":"heroku","permalink":"http://happylzyy.github.io/tags/heroku/"},{"name":"gitalk","slug":"gitalk","permalink":"http://happylzyy.github.io/tags/gitalk/"},{"name":"proxy","slug":"proxy","permalink":"http://happylzyy.github.io/tags/proxy/"}]},{"title":"R720-15IKBN MSR 0xE2 CFG Lock 解锁","slug":"how-to-unlock-cfg-lock","date":"2022-07-03T06:15:11.000Z","updated":"2022-07-03T06:24:49.000Z","comments":true,"path":"2022/07/03/how-to-unlock-cfg-lock/","link":"","permalink":"http://happylzyy.github.io/2022/07/03/how-to-unlock-cfg-lock/","excerpt":"","text":"什么是 MSR CFG Lock 解锁？ MSR（Model Specific Register）是x86架构中的概念，指的是在x86架构处理器中，一系列用于控制CPU运行、功能开关、调试、跟踪程序执行、监测CPU性能等方面的寄存器。 大多数UEFI主板厂家，锁定了MSR寄存器的第15位为只读，也就是MSR 0xE2 Locking（BIOS 中叫CFG Lock）。苹果macOS系统的电源管理、CPU的P-state、C-state放在MSR寄存器里，MSR 0xE2被锁定为只读后，macOS系统的电源管理驱动扩展AppleIntelCPUPowerManagement一旦尝试去写入数据，系统就会马上崩溃。有些主板上有选项“CFG Lock”，其说明内容为”关闭或开启MSR 0xE2″，可以手动开关，有些主板则屏蔽了这个选项。当使用黑苹果时，必须解锁MSR 0xE2，否则无法使用苹果的原生电源管理。 联想等一些 OEM 设置了BIOS内部的变量，也就是说固化到了BIOS的固件代码里，如果不对 BIOS 进行物理修改就无法解锁它，对于这种情况，需要修改BIOS才能解锁CFG Lock。Lenovo R720-15IKBN就属于上述情况，因此要对BIOS进行修改。 刷机有风险，搞机须谨慎！失败会造成电脑变砖，没有救砖技术请不要尝试！本文仅供参考，对于读者自己造成的损坏不承担任何责任！ 环境准备 插了稳定交流电源的Lenovo R720-15IKBN 笔记本电脑 Windows 10，因为大部分操作都在Win环境下进行 macOS与OpenCore 一个格式化文件系统为FAT32的U盘 安静的没有人打扰您的环境 工具准备 Lenovo 官方 4KCN27WW版 BIOS 联想官方BIOS通常具有写保护措施，而27版BIOS没有写保护因此可以进行修改，BIOS降级程序可在官网输入主机编号后寻找下载到。 下载地址：https://newsupport.lenovo.com.cn/ Intel CSME System Tools 用于Dump BIOS 固件，根据不同的平台选择不同的版本，这里选择v11 r37版。 下载地址：https://comsystem-tlt.ru/obzori/me-txe-region UEFITool 查找BIOS中相关变量（字符串）的工具。 下载地址：https://github.com/LongSoft/UEFITool/releases IRFExtractor 将UEFITool得到的PE32 image转换成文本的工具。 下载地址：https://github.com/LongSoft/Universal-IFR-Extractor/releases easyUEFI或Bootice 用于修改UEFI启动项。 BIOS 降级 进入UEFI BIOS 设置，将BIOS Back Flash设为Enabled，允许BIOS回滚刷新； 重启进入Windows，运行从官网下载的27版BIOS降级程序，安装完成后系统自动重启，开始降级过程。 注意在降级过程中一定不要断开电源！ BIOS刷写成功后，电脑会自动重启数次，属于正常现象，不要断电源。 刷写后可能无法进入Win系统，重新进入UEFI BIOS设置，关闭安全启动，将SATA控制器工作模式设置为AHCI，保存设置后重启就能进入系统。 提取主板BIOS 进入系统后，打开Intel CSME System Tools v11 r37/Flash Programming Tool/WIN64，新建文本文档，输入以下代码 12cd /d %~dp0fptw64.exe -bios -d backup.fd 保存后修改文件扩展名为.cmd，右键以管理员身份运行，提取主板BIOS，提取后的文件存储在同目录下，名字为backup.fd。 提取BIOS信息 打开UEFITool，菜单栏选择File > Open image file...，选择上一步提取出的backup.fd。 菜单栏选择Action > Search...，在弹出的对话框中选择Text，输入CFG Lock，搜索的结果在下方显示，双击Unicode text \"CFG Lock\" in DriverSampleDxe/PE32 image section at header-offset 496F4h定位到CFG Lock所在位置。 在定位到的位置右击PE32 image section，选择Extarct as is...，将PE32 image文件保存。 接下来，我们需要把PE32 image转换成我们能读懂的信息。 打开IFRExtractor，直接点击右侧加载按钮，打开上一步的PE32文件，再点击Extract，就会生成txt文本，并保存到相应的文件夹。 寻找需要的偏移量 打开转换的txt文件，搜索字符串CFG Lock，定位到CFG Lock位置，如下所示，不同机器可能不同： 123450x9B0B4 Form: View/Configure CPU Lock Options, FormId: 0x1012 {01 86 12 10 C3 00}0x9B0BA One Of: CFG Lock, VarStoreInfo (VarOffset/VarName): 0x3C, VarStore: 0x3, QuestionId: 0x145, Size: 1, Min: 0x0, Max 0x1, Step: 0x0 {05 91 66 02 67 02 45 01 03 00 3C 00 10 10 00 01 00}0x9B0CB One Of Option: Disabled, Value (8 bit): 0x0 {09 07 04 00 00 00 00}0x9B0D2 One Of Option: Enabled, Value (8 bit): 0x1 (default) {09 07 03 00 30 00 01}0x9B0D9 End One Of {29 02} 其中 CFG Lock, VarStoreInfo (VarOffset/VarName): 0x3C, VarStore: 0x3就是我们要找的。 VarStoreInfo的值是CFG Lock这个选项的地址，也可以说其在BIOS中的偏移量。后面的VarStore是BIOS默认值，此处为0x3。而我们想要解锁它就需要把它修改成0x0，即下面对应的Disabled Option，就是需要把0x3C这个偏移地址上的数值修改为0x0。 请注意，可变偏移量不仅对于每个主板是唯一的，甚至对于每个固件版本也是唯一的。所以读者应该自己寻找偏移量，切勿在不检查的情况下尝试使用本文中的偏移量。 修改BIOS偏移量 这里使用的工具是RU.efi。 打开U盘，新建EFI/BOOT/目录，将RU.efi重命名为BOOTX64.efi放到该目录下。 重启系统，选择从U盘启动，按任意键即可进入RU工具。 进入后按 alt+= 切换进 \"ACPI Variable\"； 用PageUp/PageDown/上下方向键找到\"CPUSetup\"； 回车进入，然后用上下左右方向键找到对应的地址（本文中是0x3C，那么就是纵坐标0030，横坐标0C的位置）； 回车，输入0就可以看到它变成了0，再按回车确认； 按Ctrl +W来保存，保存的时候屏幕上会直接显示Updated OK，这说明写入成功； 按Alt+Q 来退出，然后即可回到引导进入系统了，此时CFG已经解锁。 检查解锁情况 通过 ControlMsrE2 检查，将OpenCore自带的Tools/ControlMsrE2.efi加入到Config.plist配置文件中 。接下来，启动 OpenCore 并选择ControlMsrE2.efi条目。这应该会显示以下内容： 1This firmware has UNLOCKED MSR 0xE2 register! 说明MSR 0xE2解锁成功。 修改OpenCore配置文件 在Kernel Option中取消AppleCpuPmCfgLock和AppleXcpmCfgLock的勾选。 恭喜您完成MSR CFG Lock解锁全过程！现在您将拥有正确的 CPU 电源管理。 参考资料 解锁CFG Lock | 张登友的博客 (zdynb.cn) 修复CFG锁-远景论坛-微软极客社区 (pcbeta.com) 从Clover到OC （重难点：Insyde BIOS 解锁CFG Lock） - 知乎 (zhihu.com)","categories":[],"tags":[{"name":"bios","slug":"bios","permalink":"http://happylzyy.github.io/tags/bios/"},{"name":"hackintosh","slug":"hackintosh","permalink":"http://happylzyy.github.io/tags/hackintosh/"}]},{"title":"Pure主题使用Katex渲染Latex公式","slug":"how-to-render-latex-equation-code-with-katex","date":"2022-07-03T05:57:00.000Z","updated":"2022-07-03T06:03:48.000Z","comments":true,"path":"2022/07/03/how-to-render-latex-equation-code-with-katex/","link":"","permalink":"http://happylzyy.github.io/2022/07/03/how-to-render-latex-equation-code-with-katex/","excerpt":"","text":"Pure主题的数学公式功能并不完善，为了支持Katex，对Pure主题和Hexo配置做了大量修改。 Hexo配置修改 Hexo自带的渲染插件不支持数学公式，因此先卸载自带的渲染插件 npm uninstall hexo-renderer-marked --save 删除其他任何与数学公式有关的插件，如hexo-math、markdown-it-katex等等； 删除_config.yaml配置文件里与数学公式有关的部分； 安装新的渲染插件 npm install hexo-renderer-pandoc --save 安装依赖的软件包pandoc，打开终端运行yay -Syu pandoc； Pure主题修改 打开head.ejs文件，该文件位于themes/pure/layout/_common/，找到 123<% if (page.mathjax) { %><link href="//cdn.jsdelivr.net/npm/katex@0.9.0/dist/katex.min.css" rel="stylesheet"><% } %> 修改为 12345678910<% if (page.katex) { %> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.16.0/dist/katex.min.css" integrity="sha384-Xi8rHCmBmhbuyyhbI88391ZKP2dmfnOl4rT9ZfRI7mLTdk1wblIUnrIq35nqwEvC" crossorigin="anonymous"> <!-- The loading of KaTeX is deferred to speed up page rendering --> <script defer src="https://cdn.jsdelivr.net/npm/katex@0.16.0/dist/katex.min.js" integrity="sha384-X/XCfMm41VSsqRNQgDerQczD69XqmjOOOwYQvr/uuC+j4OPoNhVgjdGFwhvN02Ja" crossorigin="anonymous"></script> <!-- To automatically render math in text elements, include the auto-render extension: --> <script defer src="https://cdn.jsdelivr.net/npm/katex@0.16.0/dist/contrib/auto-render.min.js" integrity="sha384-+XBljXPPiv+OzfbB3cVmLHf4hdUFHlWNZN5spNQ7rmHTXpd7WvJum6fIACpNNfIR" crossorigin="anonymous" onload="renderMathInElement(document.body);"></script><% } %> 删除themes/pure/layout/_script/mathjax.ejs文件。 启用数学公式 需要写公式的文章在开头加入 1katex: true 来测试一下公式渲染吧！ 12345678910111213$$\\begin{cases}\\nabla\\times\\vec{E}=-\\frac{\\partial\\vec{B}}{\\partial t}\\\\\\nabla\\times\\vec{H}=\\vec{J_v}+\\frac{\\partial\\vec{D}}{\\partial t}\\\\\\nabla\\cdot\\vec{D}=\\rho_v\\\\\\nabla\\cdot\\vec{B}=0\\end{cases}\\quad\\begin{cases}\\vec{D}=\\epsilon\\vec{E}\\\\\\vec{B}=\\mu\\vec{H}\\\\\\vec{J_v}=\\sigma\\vec{E}\\end{cases}$$ 渲染为 \\[ \\begin{cases} \\nabla\\times\\vec{E}=-\\frac{\\partial\\vec{B}}{\\partial t}\\\\ \\nabla\\times\\vec{H}=\\vec{J_v}+\\frac{\\partial\\vec{D}}{\\partial t}\\\\ \\nabla\\cdot\\vec{D}=\\rho_v\\\\ \\nabla\\cdot\\vec{B}=0 \\end{cases}\\quad \\begin{cases} \\vec{D}=\\epsilon\\vec{E}\\\\ \\vec{B}=\\mu\\vec{H}\\\\ \\vec{J_v}=\\sigma\\vec{E} \\end{cases} \\]","categories":[],"tags":[{"name":"katex","slug":"katex","permalink":"http://happylzyy.github.io/tags/katex/"}]},{"title":"使用Hexo建立个人Blog站","slug":"how-to-build-blog-with-hexo","date":"2021-08-05T17:41:30.000Z","updated":"2024-08-09T14:45:29.679Z","comments":true,"path":"2021/08/06/how-to-build-blog-with-hexo/","link":"","permalink":"http://happylzyy.github.io/2021/08/06/how-to-build-blog-with-hexo/","excerpt":"","text":"本文章记录了本博客的建立过程，以下所有操作是在Manjaro Linux上进行的，其他未尽事宜请见官方文档。 Hexo简介 Hexo是一个快速、简洁且高效的博客框架； 可以使用 Markdown 来排版和写文章； 生成的网页是静态页面的，特别适合用来白嫖 GitHub Pages😈。 安装环境 Hexo运行所需的软件和安装命令如下： Node.js 1yay -Sy nodejs npm 由于某些不可描述的原因，npm需要换成国内的淘宝源： 1npm config set registry https://registry.npm.taobao.org Git 1yay -Sy git Hexo站点初始化 建立一个空文件夹并进入这个文件夹，这将成为博客站的主目录 1mkdir hexo_blog && cd hexo_blog 在该目录内安装Hexo 1npm install hexo 进行hexo初始化 1npx hexo init 此时，一个Hexo驱动的博客站就建好了。要查看刚刚建好的博客，可以执行npx hexo clean && npx hexo g && npx hexo s，按住Ctrl建点击生成的网址即可打开。 Hexo管理 这里列举几个常用的Hexo命令 清理生成的文件 1npx hexo clean 生成文件 1npx hexo generate 进行预览 1npx hexo server 新建文章 1npx hexo new "NewPostName" Hexo主题修改 Hexo有很多主题可供选择，在官网的主题站挑选，这里选择pure主题。 在博客站主目录下克隆主题 1git clone https://github.com/cofess/hexo-theme-pure.git themes/pure 安装pure主题的依赖包 12345npm install hexo-wordcount --savenpm install hexo-generator-json-content --savenpm install hexo-generator-feed --savenpm install hexo-generator-sitemap --savenpm install hexo-generator-baidu-sitemap --save 复制一份主题配置样例到博客主目录 1cp themes/pure/_config.yml _config.pure.yml 修改博客配置_config.yml，将themes: landscape修改为themes: pure。 根据说明文档对主题配置进行相关修改。 Hexo部署 登录自己的GitHub，新建一个Repository，名字为[GitHub用户名].github.io。 在Repository的Setting中勾选GitHub Pages功能。 打开博客配置文件_config.yml修改博客网站的描述部分 123456789# Sitetitle: Someone's Blog # 博客标题subtitle: '' # 次标题description: '' #网站描述keywords: # 关键词author: me # 作者language: en # 博客网站语言，英语en，中文zh-CNtimezone: '' # 时区 修改站点网址部分 1234# URL## Set your site url here. For example, if you use GitHub Page, set url as 'https://username.github.io/project'url: http://[Github用户名].github.io 修改部署部分 1234deploy: type: 'git' # 部署方式为git repository: git@github.com:happylzyy/happylzyy.github.io.git # Repository远程仓库地址 branch: master # 部署到远程分支master 配置完成后，运行npx hexo clean && npx hexo g重新生成博客，再运行npx hexo deploy即可部署到GitHub上。","categories":[],"tags":[{"name":"hexo","slug":"hexo","permalink":"http://happylzyy.github.io/tags/hexo/"}]}],"categories":[],"tags":[{"name":"manjaro","slug":"manjaro","permalink":"http://happylzyy.github.io/tags/manjaro/"},{"name":"linux","slug":"linux","permalink":"http://happylzyy.github.io/tags/linux/"},{"name":"secureboot","slug":"secureboot","permalink":"http://happylzyy.github.io/tags/secureboot/"},{"name":"luks","slug":"luks","permalink":"http://happylzyy.github.io/tags/luks/"},{"name":"tpm","slug":"tpm","permalink":"http://happylzyy.github.io/tags/tpm/"},{"name":"bios","slug":"bios","permalink":"http://happylzyy.github.io/tags/bios/"},{"name":"javascript","slug":"javascript","permalink":"http://happylzyy.github.io/tags/javascript/"},{"name":"hexo","slug":"hexo","permalink":"http://happylzyy.github.io/tags/hexo/"},{"name":"hmcl","slug":"hmcl","permalink":"http://happylzyy.github.io/tags/hmcl/"},{"name":"javafx","slug":"javafx","permalink":"http://happylzyy.github.io/tags/javafx/"},{"name":"archlinux","slug":"archlinux","permalink":"http://happylzyy.github.io/tags/archlinux/"},{"name":"heroku","slug":"heroku","permalink":"http://happylzyy.github.io/tags/heroku/"},{"name":"gitalk","slug":"gitalk","permalink":"http://happylzyy.github.io/tags/gitalk/"},{"name":"proxy","slug":"proxy","permalink":"http://happylzyy.github.io/tags/proxy/"},{"name":"hackintosh","slug":"hackintosh","permalink":"http://happylzyy.github.io/tags/hackintosh/"},{"name":"katex","slug":"katex","permalink":"http://happylzyy.github.io/tags/katex/"}]}